On Sun, Dec 18, 2011 at 06:14:19PM -0600, Chris Wopat wrote:
> Claudio and crew,
>
> Unsure if this is a bug or intended. I was testing BGP triggered
> blackholes, one of the routers that will perform the blackhole has
> this rule in its bgpd.conf:
>
> match from group GROUP-IBGP community 1234:666 set { localpref 200
> origin igp nexthop blackhole }
>
>
> Looking exclusively at the bgpctl output makes it appear to be not
> working (186.4.134.249 is a blocked source, 10.171.0.66 is the router
> triggering the blackhole, it should NOT be the nexthop):
>
> # bgpctl show ip bgp detail 186.4.134.249
>
> BGP routing table entry for 186.4.134.249/32
> Nexthop 10.171.0.66 (via 10.171.7.166) from rr1 (10.171.0.16)
> Origin IGP, metric 0, localpref 200, internal, valid, best
> Last update: 00:01:42 ago
> Communities: 1239:66 3356:9999 4150:666 NO_EXPORT
> Originator Id: 10.171.0.66
> Cluster ID List: 10.171.0.16
>
>
> When you look at the actual routing table though, it is blackholed and
> is functioning properly:
>
> # netstat -nr | grep 186.4.134.249
> 186.4.134.249/32 127.0.0.1 UGB 0 14 33160 48 lo0
>
>
> Is this intended behavior?
>
Good question, it seems that the nexthop flags (reject/blackhole) are not
shown in the "show rib detail" output. I guess the via should print out
blackhole in your case. The "bgpctl show fib" output will show the B flag
(IIRC).

--
:wq Claudio
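
Added example, not part of the thread or of OpenBGPD: since the RIB detail output does not show the blackhole flag, this sketch confirms the drop in the kernel table by reading the Flags column of `netstat -nr` text. The function names are hypothetical, the column order is assumed from the netstat line quoted above, and every sample row except the 186.4.134.249/32 one is constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumes the column order of the netstat line quoted above:
# Destination Gateway Flags ...

# Classify one prefix from `netstat -nr` text on stdin.
# Prints: blackhole | reject | forwarding | missing
route_state() {
    awk -v want="$1" '
        $1 == want {                 # exact match on the Destination column
            found = 1
            if ($3 ~ /B/)      state = "blackhole"   # B: packets discarded
            else if ($3 ~ /R/) state = "reject"      # R: unreachable returned
            else               state = "forwarding"  # route still forwards
            exit                     # first match wins; END still runs
        }
        END { print (found ? state : "missing") }
    '
}

# Report every prefix; return non-zero if any is not blackholed.
# $1 is the routing table text, the remaining arguments are prefixes.
check_blackholes() {
    table=$1; shift
    rc=0
    for p in "$@"; do
        s=$(printf '%s\n' "$table" | route_state "$p")
        printf '%-20s %s\n' "$p" "$s"
        [ "$s" = blackhole ] || rc=1
    done
    return "$rc"
}

# Constructed sample table: the 186.4.134.249/32 row is the one quoted in
# the thread, the header and the other rows are made up for the demo.
sample_table() {
    cat <<'EOF'
Destination        Gateway            Flags   Refs      Use   Mtu  Prio Iface
default            10.171.7.166       UGS        4    91234     -     8 em0
186.4.134.249/32   127.0.0.1          UGB        0       14 33160    48 lo0
192.0.2.10/32      10.171.7.166       UG         0        3     -    48 em0
EOF
}

# On a router, pass "$(netstat -nr)" instead of the sample.
check_blackholes "$(sample_table)" 186.4.134.249/32 192.0.2.10/32 ||
    echo "at least one prefix is not blackholed in the kernel table"
```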